Allianz Global Corporate & Specialty Allianz Cyber Protect Premium Digital Business & Data Protection Insurance

Allianz Cyber - agcs.londonagcs.london/wp-content/uploads/2018/06/Allianz... · Cyber risk is the risk most underestimated by business and for which they are least prepared1. The


Cyber Protect Premium

The amount of data being generated, transmitted, interrogated and stored is growing at an exponential rate.

Cyber security: are you prepared?

Most organisations simply could not function without such data and the software, hardware and communication systems that facilitate its use. The critical nature of this data and the complexity of the systems that support its transmission and use, combined with the possibility of remote and anonymous access, have created the perfect conditions for cyber attacks.

Much can be done to mitigate the risks and manage the threats. A thoughtful and well designed approach to the whole life-cycle of a company’s information technology needs is vital if critical information is to be protected and systems adequately secured.

Cyber risk is the risk most underestimated by business and for which they are least prepared [1]. The total estimated cost to the global economy of cyber crime is $445bn [2].

[1] Allianz Risk Barometer
[2] Net Losses: Estimating the Global Cost of Cyber-Crime, CSIS/McAfee

The Director of GCHQ said: “GCHQ now sees real and credible threats to cyber security of an unprecedented scale, diversity and complexity … the mitigation of these risks and management of these threats – in other words, cyber security – is one of the biggest challenges we face today. Responsibility to manage your company’s cyber risks starts and stops at Board level … Value, revenue and credibility are at stake.”

How much does cyber-crime cost the world’s leading 10 economies?

This AGCS atlas examines the estimated total cost to the global economy from cyber-crime per year, with a particular focus on the impact on the world’s top 10 economies, according to GDP.

| Ranking by GDP | Country | GDP [1] | Cyber-crime as a % of GDP [2] | Estimated cost [3] | Ranking according to cyber-crime costs |
|---|---|---|---|---|---|
| 1 | US | $16.8trn | .64% | $108bn | 1 |
| 2 | China | $9.5trn | .63% | $60bn | 2 |
| 3 | Japan | $4.9trn | .02% | $980m | 9 |
| 4 | Germany | $3.7trn | 1.60% | $59bn | 3 |
| 5 | France | $2.8trn | .11% | $3bn | 7 |
| 6 | UK | $2.7trn | .16% | $4.3bn | 5 |
| 7 | Brazil | $2.4trn | .32% | $7.7bn | 4 |
| 8 | Russia | $2.1trn | .10% | $2bn | 8 |
| 9 | Italy | $2.1trn | .04% | $900m | 10 |
| 10 | India | $1.9trn | .21% | $4bn | 6 |

Sources: [1] World Bank (2013); [2] Net Losses: Estimating the Global Cost of Cyber-Crime, CSIS/McAfee; [3] Allianz Global Corporate & Specialty

  • $445bn annual cost to the global economy (source: CSIS/McAfee)
  • $250bn cost of cyber-crime to world’s 10 leading economies
  • $200bn+ annual cost to top four economies
  • 50%+ top 10 economies share of annual cost


How can you reduce your risk?

There are many excellent resources available to help companies mitigate their risk. However, one thing is clear: good cyber risk management is only effective if it is fully supported at the Board level. It is good risk management planning and practice that makes the difference between companies that effectively manage their risk and those that don’t.

All the various aspects of the information security policy should be maintained, monitored, tested and finally amended as necessary to produce a robust security environment and to reduce the possibility of data loss due to cyber crime.

However, the sheer number and evolving sophistication of security threats mean it is impossible for any organisation to guarantee total security. In such circumstances effective risk transfer is an important weapon in the risk manager’s arsenal.

“basic information risk management can stop up to 80% of the cyber attacks seen today”
10 Steps to Cyber Security – Executive Companion 2012

What are the threats?

2015 saw a 55% increase in the number of spear-phishing campaigns against companies, whilst the recipients per campaign and the duration of the campaign fell, indicating a greater degree of targeting and sophistication. Most spear-phishing campaigns are directed against the financial sector. Smaller companies with fewer than 250 employees are being specifically targeted and accounted for 43% of all attacks in 2015, up from 34% in 2014.

Spear phishing together with other threat vectors has led to an increase in the number of mega breaches. In 2015 the number of mega breaches (more than 10m identities exposed) rose to 9, more than double that in 2014. The total number of identities exposed in all breaches is estimated to be a staggering 429m, 23% up on last year.*

The costs associated with a data breach are significant: in a recent report by the Ponemon Institute** the average cost of a data breach to a company in the UK is estimated at over $3m and in the US is estimated at approximately $6m.

* Source: Internet Security Threat Report, volume 21, 2016, Symantec

** Source: Ponemon Institute, 2014 Cost of Data Breach Study


93% of large organisations had a security breach in 2012 (Department of Business Innovation & Skills – 2013 Information Security Breaches Survey)

What are the legal obligations?

Privacy law has existed for a long time in most jurisdictions and is now being supplemented by specific data protection legislation.

When personally identifiable information is lost it is a legal requirement in most US states that each individual is notified and that actions are taken to mitigate any potential loss (such as credit monitoring and the changing of bank account details). These costs, together with other associated costs, add up very quickly. In addition to State law there is Federal law that enables class actions arising from privacy breaches.

Outside the US, privacy and data protection laws are not always as uniform, but many jurisdictions are rapidly addressing this. The EU has recently agreed the new General Data Protection Regulation (GDPR), which will replace the existing Data Protection Directive and significantly expands its scope. The backstop for full adoption in all member states is 2018. Many of the provisions place a considerable financial burden on companies both in terms of compliance and remediation. For example, one of the provisions states that a data subject should have the right to be forgotten; the cost of removing that individual’s data from all databases might be prohibitive. There is also a two-tier approach to fines that can be as much as 4% of a company’s global turnover depending on the nature and the severity of the breach. Crucially, there are provisions requiring the mandatory notification of the regulator (and in certain circumstances all data subjects) in the event of a data breach. The GDPR, which applies to companies domiciled in the EU (and companies domiciled elsewhere but with operations in the EU) whether they be data controllers or data processors, dramatically increases the obligations and potential liabilities in the event of a data breach.

The “10 Steps To Cyber Security” for all companies

1. Implement an effective governance structure, maintain the Board’s engagement and produce appropriate information security policies which as a minimum should include:
2. User education and awareness training
3. Have monitoring policies and procedures for all networks and systems
4. Have incident management procedures including response and disaster recovery
5. Implement network security policies and procedures
6. User privileges managed and controlled
7. Secure configuration guidance
8. Implement malware protection procedures
9. Control removable media usage
10. Monitor mobile and home working procedures


The cover

Allianz can commit up to €100m in cover.

Cyber Protect Premium provides comprehensive cover to ensure a company is fully protected in the event of data loss or a cyber security incident. The policy provides a full suite of third party and first party covers as well as all the costs typically associated with a cyber incident.

Allianz Cyber Protect Premium – A comprehensive and flexible suite of covers

Coverage – third party liability

• Privacy and Confidentiality Breach Liability – for personal and corporate data loss
• Network Security Liability – for claims against you for failing to secure your network
• Media Liability – for claims against you arising out of your digital publications
• Regulatory Legal Costs – for defence costs and fines and penalties
• Internal Investigation Costs – as a result of a regulatory request
• Consumer Redress Fund – as required by law for consumer claims
• PCI DSS costs – for contractual penalties imposed by the Payment Card Industry for breach of their Data Security Standards

Coverage – first party liability

• Business Interruption – for loss of profits and other costs associated with cyber attacks, internal errors and unexpected technical failures
• Business Interruption due to a Regulatory order
• Hacker Theft – for loss of funds
• Cyber Extortion – for costs associated with a cyber extortion threat

Coverage – costs

• Crisis management costs – for all the costs associated with a cyber incident, including forensic, legal, credit monitoring etc.
• Notification costs & Voluntary Notification Costs – for the costs (mandatory or otherwise) of notifying data subjects and regulators
• Reputational advice costs – to help with the reputational impact
• Mitigation costs – to help reduce further loss
• Restoration costs – following a cyber business interruption event
• Betterment – for the reasonable upgrade of hardware and software following an incident
• Emergency costs – for any costs that need to be incurred immediately without the insurer’s consent

Cyber Protect Premium Plus

We have the ability to design a bespoke solution tailored to the clients’ specific needs. Our cyber team will conduct a full assessment of coverage requirements and will work with the broker and client to build a bespoke solution.


Our underwriting team and how to get a quote

Our underwriting team will be able to deal with your queries and can guide you through the process of getting a quote. Please contact:

Yogesh “Yogi” Virji
Phone +44 (0) 203 451 3971
Mobile +44 (0) 7901 915 [email protected]

The Claims Process and our expert panel

In the event of a cyber security incident or loss of data, an appropriate and speedy response is required to manage the incident successfully. Allianz have a panel of organisations with expertise in their fields who will help you to resolve the incident with a full range of services including: IT forensic services (including notification services, credit monitoring services etc. as needed), media crisis management services and specialist legal services.

Once an incident is identified you should immediately inform us via your broker; we will then suggest the appropriate experts that you can engage to work closely with you (within the ambit of your crisis management plan) to bring about a speedy resolution of the incident. Our experts will provide pre-loss training and services to support your information security policies if required. We also have the benefit of our in-house expertise of engineers in Allianz Risk Consulting who will help us understand the full extent of your exposures.

Forensic IT

• Dell Secureworks – www.secureworks.co.uk
• KPMG Forensic – home.kpmg.com
• Thales – www.thalesgroup.com
• FireEye – www.fireeye.com
• BAE Systems – www.baesystems.com
• NetDiligence – www.netdiligence.com

Legal Experts

We have access to appropriate legal experts in many jurisdictions including firms such as:

• Clyde & Co – www.clydeco.com
• RPC – www.rpc.co.uk
• DAC Beachcroft – www.dacbeachcroft.com

Crisis consultants

• Brunswick – www.brunswickgroup.com
• Hill + Knowlton – www.hillandknowlton.co.uk
• CNC – www.cnc-communications.com

Disclaimer

The material contained in this publication is designed to provide general information only and does not form the basis of a contract or policy wording. While every effort has been made to ensure that the information provided is accurate, this information is provided without any representation or warranty of any kind about its accuracy and Allianz Global Corporate & Specialty cannot be held responsible for any mistakes or omissions. For a more detailed description of the product, please see the official policy wording.

Copyright © 2013 Allianz Global Corporate & Specialty AG. All rights reserved.

Allianz Global Corporate & Specialty (AGCS) consists of various legal companies, namely Allianz Global Corporate & Specialty AG, Allianz Global Corporate & Specialty (France), Allianz Global Corporate & Specialty North America (legal names Allianz Global Risks US Insurance Company, Allianz Underwriting Insurance and AGCS Marine Insurance Company), Allianz Risk Transfer AG and Allianz Fire and Marine Insurance Japan Ltd.

Allianz Global Corporate & Specialty AG, Fritz-Schäffer-Strasse 9, 81737 Munich, Germany

AGCS/2410